Malicious software threatens internet economy

National economies and security interests face a growing threat from malicious software, says a damning report by the Organization for Economic Co-operation and Development (OECD). Communities involved in fighting malware “offer essentially a fragmented local response to a global threat,” says the report, which urges international cooperation to combat the danger. The report cites evidence that around one in four personal computers in the United States — or fifty-nine million — is already infected with malware. A booming market in cyber attack software and services has also made attacks more sophisticated and cheaper to perform.

NewScientist’s Colin Barras and Tom Simonite write that malware is commonly used to turn ordinary PCs into “zombie” computers, which can then be controlled by criminals over the internet without their legitimate owners’ knowledge. These machines are used to send out roughly 80 percent of all spam and to attack commercial Web sites and other internet-linked systems with meaningless traffic as part of extortion schemes. An army of remotely controlled PCs — known as a botnet — can now be rented for as little as as thirty-three cents per machine, far less that the actual cost of the hardware. The largest botnets on record have comprised more than one million computers. While the number of machines corralled into botnets is increasing, the OECD found that botnets themselves are shrinking to avoid detection. Rather than launching high-profile attacks to bring down a target, small botnets can subtly reduce the target’s internet service over a prolonged period. Most malware infections (93 percent) occur on home users’ computers. OECD research suggests, however, that this can have a knock-on effect on national industries reliant on online transactions such as banking. For example, malware may deter people from using the internet to access more efficient savings products. A group of British banks put the cost of malware for 2006 at £33.5 million, 90 percent higher than in 2004 and growing. But such estimates do not include indirect costs such as losing the trust of consumers, the OECD points out.

Thirty-eight countries around the world now have national bodies focused on computer security, but the OECD says international organisations and agreements are needed to properly measure the impact of malware attacks and counteract them. Just weeks ago NATO opened its first Cyber Defense Center. It is located in Estonia, which saw its entire internet service crippled by botnets in 2007 after a diplomatic row with Russia. The full OECD report Malware: A security threat to the Internet economy is available online. Ministers from the OECD’s 30 member nations will discuss malware later this month at a meeting on the internet economy.